Cloud Computing Security Assessment

Overview

Cloud computing offers several key advantages to organizations, including reduced costs, automation, hardware independence, high availability, and increased flexibility. Use of cloud technology also alters the risk landscape, impacting confidentiality, privacy, integrity, regulatory compliance, availability, and e-discovery, as well as incident response and forensics. Therefore, it is important to ensure that proper security controls are in place.

Key Benefits

Ease the transition to cloud-based servicesAvoid security pitfalls as customers transition to cloud-based services. Foundstone designs, implements, and assesses a cloud solution that will meet the security requirements of your customers.

Assure clients that your cloud solution is secureAssess the physical and application security of your cloud solution. Hosting companies or enterprises that host their own products or solutions can reassure clients and business partners about security. After the assessment, Foundstone provides a letter of attestation to disseminate to your new and current clients, assuring them that your cloud solution has been built with security best practices and requirements in mind.

Get next step recommendationsOur deliverables include a Comprehensive Cloud Computing Assessment report with summary report card, next step recommendations, a half-day Cloud Computing Assessment presentation and results review workshop, and a letter of attestation for your clients or business partners.

As a cloud computing service provider or as a private cloud host, Foundstone creates a custom engagement that assesses the implementation’s physical and application security. Foundstone then provides a letter of attestation to disseminate to your new and current customers, assuring them that your cloud solution is secure.

Foundstone’s methodology for each engagement is based on our overall assessment approach that includes:

Cloud Infrastructure Security AssessmentIn the Cloud Infrastructure Security Assessment, Foundstone consultants examine the logical network, applications, and services hosted by the cloud. Key services in this assessment may include the following:

Internal and external penetration

Application or product penetration

Host security configuration

Firewall security

VPN and remote access security

Physical security

Attack and penetration

Information retrieval

Pillage and cleanup

Governance, Policies & Procedures ReviewThe policies, procedures, and regulations followed by your organization may not be consistent with security best practices. The vendor’s policies and procedures are compared against industry best practices and regulatory compliance requirements that are specific to your organization. Based on the results, policies, procedures, and service legal agreements can be developed to bridge identified gaps. The areas covered as part of this review include:

Legal contract and SLA review

E-discovery and information management

Information and data lifecycle management

Compliance and audit

Business continuity and disaster recovery management

Information integrity and confidentiality assurance

Operation, administration, and access management procedures

Incident response management and forensics

All Foundstone projects are managed using our proven Security Engagement Process (SEP). A critical aspect of this process is continual communication with your organization to ensure the success of the engagement. The duration of this engagement depends on the size and nature of your cloud computing efforts and project scope.